On April 1, 2025, Apple announced the release of iOS 18.4, which comes packed with an impressive array of new features for iPhone users. However, the update also carries a crucial warning: it addresses a staggering total of 62 security vulnerabilities, some of which are quite serious. Given the potential risks, Apple emphasizes the importance of updating your device immediately.
Apple has not disclosed extensive details about the specific vulnerabilities fixed in iOS 18.4 to ensure that users have ample time to update their devices before any malicious actors can exploit these weaknesses. Among the most significant fixes are critical bugs affecting WebKit, the underlying engine for the Safari browser, and the Kernel, which is essential to the iPhone's operating system.
One notable vulnerability, tracked as CVE-2025-30432, allows a malicious application to attempt passcode entries on a locked device, causing escalating time delays after multiple failures. Another important fix is related to WebKit, tracked as CVE-2025-24208, which could expose users to cross-site scripting attacks. This is particularly concerning if users accidentally load a malicious iframe on a trusted website.
According to Adam Boynton, a senior security strategy manager at Jamf, the high number of vulnerabilities patched in iOS 18.4 indicates that attackers are increasingly targeting the WebKit framework. He highlights the significance of the Kernel fix, stating that it “allows an attacker to attempt passcode entries despite the device being locked,” which poses a critical security risk.
Additionally, vulnerabilities in Apple’s Core Media framework have been addressed. This framework, commonly used to process media across various applications, could be exploited by attackers to corrupt process memory and access sensitive information. Boynton warns that while Apple has not confirmed any specific instances of these vulnerabilities being exploited, the publication of these CVEs means that devices still running outdated software are at risk.
Alongside iOS 18.4, Apple also released iPadOS 17.7.6 for older iPad models, including the iPad Pro 12.9-inch 2nd generation and the iPad 6th generation. This update addresses critical flaws, notably an issue in Core Media, tracked as CVE-2025-24085, which could allow a malicious application to elevate privileges. Apple has cautioned that this issue may have been actively exploited against earlier versions of iOS.
Furthermore, iOS 16.7.11 and iOS 15.8.4 were released to fix vulnerabilities in older devices, ensuring that even the most legacy iPhones and iPads receive necessary protections.
In conjunction with the iOS 18.4 release, Apple has also rolled out updates for other platforms, including Safari 18.4 for macOS Ventura and macOS Sonoma, Xcode 16.3 for macOS Sequoia, and tvOS 18.4 and visionOS 2.4 for its mixed reality headset. These updates further enhance security across Apple's ecosystem.
Given the extensive list of over 60 patched vulnerabilities, it is vital for all users to update their devices to iOS 18.4 as soon as possible. Security experts, including Jake Moore from ESET, strongly recommend this update to safeguard your device against potential threats. He notes that unpatched vulnerabilities could allow malicious code to operate on affected devices, risking both personal data and device integrity.
To ensure your iPhone remains protected against these known vulnerabilities, navigate to Settings > General > Software Update and download iOS 18.4 immediately. Keeping your software up to date is essential for maintaining optimal security and functionality on your device.